build/rules/contrib_restricted.policy


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

# == Rules for contrib/restricted section ==
#
# NOTE: rules should be ordered from specific to generic (first matching rule is used)
# See rule syntax docs: https://wiki.yandex-team.ru/devrules/overall/peerdirprohibition/

# scale_ipp filter for ffmpeg use Intel IPP hence it is nonfree
ALLOW strm/cv/ffmpeg_adcv/toshik_filters -> contrib/restricted/ffmpeg-3-scale-ipp

# CityHash-1.0.2 is a specific version hardwired into ClickHouse public interface 
ALLOW clickhouse -> contrib/restricted/cityhash-1.0.2 
ALLOW library/cpp/clickhouse -> contrib/restricted/cityhash-1.0.2
ALLOW saas/library/hash_to_block_mode -> contrib/restricted/cityhash-1.0.2
 
# dragonbox is a specific library for float formatting
ALLOW clickhouse -> contrib/restricted/dragonbox
 
# same rules for restricted set of sources in YQL
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/cityhash-1.0.2
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/boost
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/dragonbox
ALLOW ydb/library/yql/udfs/common/clickhouse/client -> contrib/restricted/fast_float

# fast_float is a faster alternative to double-conversion for float parsing.
# ClickHouse uses the best libraries for performance, that's why it changes them with insane speed.
# Arcadia is not ready for this, that's why we added this library in restricted.
ALLOW clickhouse -> contrib/restricted/fast_float

# ClickHouse uses hash-table from abseil-cpp for better performance in CacheDictionaries and SSDCacheDictionaries,
# because it the best best open source hash table framework (swiss hash tables, hash functions)
ALLOW clickhouse -> contrib/restricted/abseil-cpp

# TurboBase64 is a fast vectorized library for encoding/decoding base64.
ALLOW clickhouse -> contrib/restricted/turbo_base64

# For HBase client: CONTRIB-1790 
ALLOW passport/infra -> contrib/restricted/thrift
 
# keyutils is LGPL: CONTRIB-2236
ALLOW passport/infra -> contrib/restricted/keyutils

# For Apache Arrow: CONTRIB-1662
ALLOW mds -> contrib/restricted/uriparser

# https://st.yandex-team.ru/CONTRIB-2020
ALLOW weather -> contrib/restricted/range-v3

# ALSA library is LGPL
ALLOW yandex_io -> contrib/restricted/alsa-lib 
ALLOW smart_devices -> contrib/restricted/alsa-lib

# Avahi is LGPL 
ALLOW yandex_io -> contrib/restricted/avahi 
 
# GLib is LGPL
ALLOW maps/libs/img -> contrib/restricted/glib
ALLOW maps/renderer/libs/svgrenderer -> contrib/restricted/glib
ALLOW market/cataloger -> contrib/restricted/glib 
ALLOW market/idx/feeds/feedparser -> contrib/restricted/glib 
ALLOW metrika/core/libs/statdaemons -> contrib/restricted/glib 
ALLOW metrika/core/libs/strconvert -> contrib/restricted/glib 
ALLOW yandex_io -> contrib/restricted/glib 

# GStreamer is LGPL 
ALLOW yandex_io -> contrib/restricted/gstreamer 
ALLOW yandex_io -> contrib/restricted/gst-plugins-base 
ALLOW yandex_io -> contrib/restricted/gst-plugins-good 
ALLOW yandex_io -> contrib/restricted/gst-plugins-bad 
ALLOW yandex_io -> contrib/restricted/patched/gst-libav
 
# mpg123 is LGPL 
ALLOW extsearch/audio/kernel/recoglib -> contrib/restricted/mpg123 
 
# OpenAL Soft is LGPL 
ALLOW yandex_io -> contrib/restricted/openal-soft 
ALLOW speechkit -> contrib/restricted/openal-soft 
 
# rubberband is a GPL audio stretching library
ALLOW dict/mt/video -> contrib/restricted/rubberband

# Allowed subset of abseil is exported via library/
ALLOW library/cpp/containers/absl_flat_hash -> contrib/restricted/abseil-cpp/absl/container
ALLOW library/cpp/containers/absl_tstring_flat_hash -> contrib/restricted/abseil-cpp-tstring/y_absl/container

# spdlog is just yet another best logging engine 
# The best logging engine, however, is to be designed in CPPCOM-20 
ALLOW quasar/backend/src/base -> contrib/restricted/spdlog 
ALLOW crypta/lib/native/log -> contrib/restricted/spdlog 
ALLOW yandex_io -> contrib/restricted/spdlog 
ALLOW smart_devices/tools/launcher2 -> contrib/restricted/spdlog
ALLOW smart_devices/tools/updater -> contrib/restricted/spdlog
 
# cmph is a limited-use library
ALLOW ads/yacontext -> contrib/restricted/cmph

# http-parser is a low-level parser for http bytestream.
# Consider using high-level alternatives.
ALLOW mds -> contrib/restricted/http-parser 
ALLOW taxi/uservices -> contrib/restricted/http-parser
ALLOW yt/yt/core/http -> contrib/restricted/http-parser 
ALLOW yweb/robot/fetcher/fetcher/user/http -> contrib/restricted/http-parser 

# Prefer using skynet for data distribution 
ALLOW maps/infra/ecstatic -> contrib/restricted/libtorrent
 
# Consider using util / library/cpp/digest versions instead of a raw murmurhash functions.
#
# strm/common/go/pkg/murmur3 is a CGO binding to murmurhash, thus dependency is allowed
ALLOW strm/common/go/pkg/murmur3 -> contrib/restricted/murmurhash
ALLOW clickhouse -> contrib/restricted/murmurhash

# exiv2 is GPL-licensed. Only small subset of our libraries can use it.
ALLOW extsearch/images/chunks/exiftags -> contrib/restricted/exiv2
ALLOW maps/wikimap/mapspro/services/mrc/libs/common -> contrib/restricted/exiv2
ALLOW yweb/disk/ocraas -> contrib/restricted/exiv2

# Only allow boost in yandex projects listed below
ALLOW adfox -> contrib/restricted/boost 
ALLOW ads -> contrib/restricted/boost 
ALLOW advq -> contrib/restricted/boost 
ALLOW alice/nlu -> contrib/restricted/boost 
ALLOW alice/vins_contrib/crfsuitex -> contrib/restricted/boost 
ALLOW clickhouse -> contrib/restricted/boost 
ALLOW devtools -> contrib/restricted/boost 
ALLOW extsearch/geo/poi_service/tools/storage_reader -> contrib/restricted/boost 
ALLOW infra/contrib/pdns -> contrib/restricted/boost 
ALLOW juggler/pongerd -> contrib/restricted/boost 
ALLOW lbs/locator -> contrib/restricted/boost 
ALLOW library/cpp/testing/boost_test$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/boost_test_main$ -> contrib/restricted/boost/libs/test
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/boost
ALLOW logbroker/pipe-parser -> contrib/restricted/boost 
ALLOW mail -> contrib/restricted/boost 
ALLOW maps -> contrib/restricted/boost 
ALLOW market/idx/feeds/feedparser -> contrib/restricted/boost 
ALLOW market/idx/stats/src -> contrib/restricted/boost 
ALLOW mds -> contrib/restricted/boost 
ALLOW metrika -> contrib/restricted/boost 
ALLOW netsys/tiles-vcdiff/gen-tiles -> contrib/restricted/boost 
ALLOW orgvisits/dwellplaces -> contrib/restricted/boost 
ALLOW orgvisits/heuristics -> contrib/restricted/boost 
ALLOW orgvisits/library/soc -> contrib/restricted/boost 
ALLOW quasar/backend -> contrib/restricted/boost 
ALLOW regulargeo/research -> contrib/restricted/boost 
ALLOW rem/python/geobase30 -> contrib/restricted/boost 
ALLOW drive/contrib/cpp/telemetry -> contrib/restricted/boost
ALLOW smart_devices -> contrib/restricted/boost 
ALLOW statbox/libstatbox -> contrib/restricted/boost 
ALLOW taxi/uservices -> contrib/restricted/boost
ALLOW tools/idl -> contrib/restricted/boost 
ALLOW voicetech/tools -> contrib/restricted/boost 
ALLOW weather/archive/grid_api/lib -> contrib/restricted/boost
ALLOW yabs/telephony -> contrib/restricted/boost 
ALLOW yandex_io -> contrib/restricted/boost 
ALLOW yweb/robot/js -> contrib/restricted/boost 
ALLOW market/access/server/env -> contrib/restricted/boost
ALLOW sdg/library/cpp/ros_msg_parser -> contrib/restricted/boost
ALLOW search/meta/scatter/ant -> contrib/restricted/boost
ALLOW search/meta/scatter/ut -> contrib/restricted/boost

# use GTEST target in ya.make instead of PEERDIRing contrib/restricted/googletest
# and include <library/cpp/testing/gtest.h> instead of <gtest/gtest.h> (<gmock/gmock.h>)
ALLOW contrib -> contrib/restricted/googletest
ALLOW library/cpp/testing/gmock_in_unittest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_boost_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_extensions -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_main -> contrib/restricted/googletest
ALLOW library/cpp/testing/gtest_protobuf -> contrib/restricted/googletest
ALLOW library/python/testing/gtest/test/gtest -> contrib/restricted/googletest
# TODO remove this lines after they will switch to library/cpp/testing/gtest
ALLOW mail -> contrib/restricted/googletest
ALLOW maps/mobile/libs -> contrib/restricted/googletest
ALLOW maps/mobile/bundle -> contrib/restricted/googletest
ALLOW mds -> contrib/restricted/googletest
# A mere proxy to allow using gmock in libraries without being bound to specific test framework
# See IGNIETFERRO-1827 for details.
ALLOW library/cpp/testing/gmock -> contrib/restricted/googletest/googlemock

# allow usage of MIT part
ALLOW .* -> contrib/restricted/librseq/headeronly

# we use nfs-ganesha for Network File Store gateway
ALLOW cloud/filestore/gateway/nfs -> contrib/restricted/nfs_ganesha

ALLOW yandex_io -> contrib/restricted/patched/hostap_client

# Default policies:
#
# Do not restrict contrib
# All peerdirs to contrib/restricted from outside are prohibited
#
ALLOW contrib -> contrib/restricted
DENY .* -> contrib/restricted